Working with SFTP directories ··························································································································· 173

Working with SFTP files ······································································································································ 173

Displaying help information ······························································································································· 173

Terminating the connection with the SFTP server ····························································································· 174

Configuring the device as an SCP client ··················································································································· 174

Displaying and maintaining SSH ······························································································································· 176

Stelnet configuration examples ··································································································································· 176

Password authentication enabled Stelnet server configuration example ······················································ 176

Publickey authentication enabled Stelnet server configuration example ······················································· 179

Password authentication enabled Stelnet client configuration example ························································ 184

Publickey authentication enabled Stelnet client configuration example ························································ 187

SFTP configuration examples ······································································································································ 189

Password authentication enabled SFTP server configuration example ·························································· 189

Publickey authentication enabled SFTP client configuration example ··························································· 191

SCP file transfer with password authentication ········································································································· 194

Network requirements ········································································································································· 194

Configuration procedure ···································································································································· 195

Configuring SSL ······················································································································································· 197

Overview ······································································································································································· 197

SSL security mechanism ······································································································································ 197

SSL protocol stack ··············································································································································· 197

FIPS compliance ··························································································································································· 198

SSL configuration task list ············································································································································ 198

Configuring an SSL server policy ······························································································································· 198

Configuring an SSL client policy ································································································································ 199

Displaying and maintaining SSL ································································································································· 200

Configuring IP source guard ·································································································································· 202

Static IP source guard binding entries ··············································································································· 202

Dynamic IPv4 source binding entries ················································································································ 203

IP source guard configuration task list ······················································································································· 203

Configuring the IPv4 source guard function ·············································································································· 203

Enabling IPv4 source guard on an interface ···································································································· 203

Configuring a static IPv4 source guard binding entry on an interface ························································· 204

Configuring the IPv6 source guard function ·············································································································· 205

Enabling IPv6 source guard on an interface ···································································································· 205

Configuring a static IPv6 source guard binding entry on an interface ························································· 205

Displaying and maintaining IP source guard ············································································································ 206

IP source guard configuration examples ··················································································································· 206

Static IPv4 source guard configuration example ····························································································· 206

Dynamic IPv4 source guard using DHCP snooping configuration example ················································· 208

Dynamic IPv4 source guard using DHCP relay configuration example ························································ 210

Static IPv6 source guard configuration example ····························································································· 211

Configuring ARP attack protection ························································································································· 212

ARP attack protection configuration task list ············································································································· 212

Configuring unresolvable IP attack protection ·········································································································· 212

Configuring ARP source suppression ················································································································ 213

Enabling ARP blackhole routing ························································································································ 213

Displaying and maintaining unresolvable IP attack protection ······································································ 213

Configuration example ······································································································································· 213

Configuring ARP packet rate limit ······························································································································ 214